diff --git a/android/res/values/strings.xml b/android/res/values/strings.xml
index eb4c54d7..bfb8d23a 100644
--- a/android/res/values/strings.xml
+++ b/android/res/values/strings.xml
@@ -154,7 +154,7 @@
 <string name="pref_timeout_info">Number of seconds before timing out a connection attempt</string>
 <string name="pref_ssl">SSL</string>
 <string name="pref_ssl_info">Select to use https</string>
-<string name="pref_ssl_trust_key">Custom SSL thumbprint</string>
+<string name="pref_ssl_trust_key">Custom SSL thumbprint (SHA-1)</string>
 <string name="pref_ssl_trust_key_info">Permit only connections to this specific certificate</string>
 <string name="pref_ssl_trust_all">Accept all SSL certificates</string>
 <string name="pref_ssl_trust_all_info">Select to allow connections from any thumbprint</string>
diff --git a/lib/src/org/transdroid/daemon/util/FakeTrustManager.java b/lib/src/org/transdroid/daemon/util/FakeTrustManager.java
index d70cc858..160f7035 100644
--- a/lib/src/org/transdroid/daemon/util/FakeTrustManager.java
+++ b/lib/src/org/transdroid/daemon/util/FakeTrustManager.java
@@ -33,7 +33,7 @@ public class FakeTrustManager implements X509TrustManager {
         	
         	// Otherwise, we have a certKey defined. We should now examine the one we got from the server.
         	// They match? All is good. They don't, throw an exception.
-        	String our_key = this.certKey.replaceAll("\\s+", "");
+        	String our_key = this.certKey.replaceAll("[^a-f0-9]+", "");
         	try {
             	//Assume self-signed root is okay?
             	X509Certificate ss_cert = chain[0];